update soter/openssl to fix compatibility with new openssl version #258
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mark unused files to fix "ISO C forbids an empty source file" warning
turn off one nist test on ci by cflags
fix mistake of merging test.mk
…(revert prev changes)
vixentael
reviewed
Dec 8, 2017
| @@ -63,6 +63,7 @@ typedef int soter_status_t; | |||
| #define SOTER_DEBUG_OUT(message) | |||
| #endif | |||
|
|
|||
| #define UNUSED(x) (void)(x) | |||
vixentael
reviewed
Dec 8, 2017
| @@ -826,7 +827,7 @@ static themis_status_t secure_session_finish_client(secure_session_t *session_ct | |||
| return THEMIS_INVALID_PARAMETER; | |||
| } | |||
|
|
|||
| if (memcmp(proto_message->tag, THEMIS_SESSION_PROTO_TAG, SOTER_CONTAINER_TAG_LENGTH)) | |||
| if (memcmp(proto_message->tag, THEMIS_SESSION_PROTO_TAG, SOTER_CONTAINER_TAG_LENGTH) != 0) | |||
There was a problem hiding this comment.
we do compare public data here, right?
There was a problem hiding this comment.
actually yes, it's trying to check that it's correct secure session packet or no
This reverts commit 6913bdf.
vixentael
reviewed
Dec 8, 2017
| // testsuite_enter_suite("soter rand: NIST STS (make take some time...)"); | ||
| // testsuite_run_test(test_rand_with_nist); | ||
| // always fail under ci | ||
| #ifndef CIRICLE_TEST |
|
should close #208 after merge |
…s/themis into lagovas/fix-openssl-usage
ignatk
reviewed
Dec 12, 2017
| @@ -97,6 +97,7 @@ soter_status_t soter_asym_cipher_init(soter_asym_cipher_t* asym_cipher, const vo | |||
| return SOTER_FAIL; | |||
| } | |||
| SOTER_IF_FAIL(soter_asym_cipher_import_key(asym_cipher, key, key_length)==SOTER_SUCCESS, (EVP_PKEY_free(pkey), EVP_PKEY_CTX_free(asym_cipher->pkey_ctx))); | |||
| EVP_PKEY_free(pkey); | |||
There was a problem hiding this comment.
clearly breaks file indentation here
| @@ -152,8 +150,8 @@ soter_status_t soter_asym_cipher_encrypt(soter_asym_cipher_t* asym_cipher, const | |||
| } | |||
|
|
|||
| rsa_mod_size = RSA_size(rsa); | |||
|
|
|||
| if (plain_data_length > (rsa_mod_size - 2 - (2 * OAEP_HASH_SIZE))) | |||
| int temp = (rsa_mod_size - 2 - (2 * OAEP_HASH_SIZE)); | |||
There was a problem hiding this comment.
- indent
- let's not name stuff
temp, but something more context aware, likeoaep_max_payload_length
src/soter/openssl/soter_hash.c
Outdated
| @@ -105,6 +111,7 @@ soter_hash_ctx_t* soter_hash_create(soter_hash_algo_t algo) | |||
| { | |||
| return NULL; | |||
| } | |||
| ctx->evp_md_ctx = NULL; | |||
src/soter/openssl/soter_hash.c
Outdated
| EVP_MD_CTX_cleanup(&(hash_ctx->evp_md_ctx)); | ||
|
|
||
| EVP_MD_CTX_destroy(hash_ctx->evp_md_ctx); | ||
| hash_ctx->evp_md_ctx = NULL; |
| EVP_PKEY_free(pkey); | ||
| } | ||
| EVP_PKEY_CTX_free(asym_cipher->pkey_ctx); | ||
| asym_cipher->pkey_ctx = NULL; |
There was a problem hiding this comment.
- indentation
- can you confirm that
EVP_PKEY_CTX_freealso frees "contained"pkey?
There was a problem hiding this comment.
https://github.com/openssl/openssl/blob/master/crypto/evp/pmeth_lib.c#L339
and also checked with valgrind (he warned that there was double free when I leave EVP_PKEY_free(pkey))
src/soter/openssl/soter_hash.c
Outdated
| { | ||
| return SOTER_SUCCESS; | ||
| } | ||
| else | ||
| { | ||
| soter_hash_cleanup(hash_ctx); |
| @@ -99,15 +101,16 @@ soter_sym_ctx_t* soter_sym_ctx_init(const uint32_t alg, | |||
| ctx->alg=alg; | |||
| uint8_t key_[SOTER_SYM_MAX_KEY_LENGTH]; | |||
| size_t key_length_=(alg&SOTER_SYM_KEY_LENGTH_MASK)/8; | |||
| EVP_CIPHER_CTX_init(&(ctx->evp_sym_ctx)); | |||
| //EVP_CIPHER_CTX_init(ctx->evp_sym_ctx); | |||
| ctx->evp_sym_ctx = EVP_CIPHER_CTX_new(); | |||
There was a problem hiding this comment.
probably should be some failure check here
| @@ -128,12 +132,12 @@ soter_sym_ctx_t* soter_sym_aead_ctx_init(const uint32_t alg, | |||
| ctx->alg=alg; | |||
| uint8_t key_[SOTER_SYM_MAX_KEY_LENGTH]; | |||
| size_t key_length_=(alg&SOTER_SYM_KEY_LENGTH_MASK)/8; | |||
| EVP_CIPHER_CTX_init(&(ctx->evp_sym_ctx)); | |||
| ctx->evp_sym_ctx = EVP_CIPHER_CTX_new(); | |||
src/soter/soter_hmac.c
Outdated
| @@ -46,23 +46,24 @@ soter_status_t soter_hmac_init(soter_hmac_ctx_t *hmac_ctx, soter_hash_algo_t alg | |||
| return SOTER_INVALID_PARAMETER; | |||
| } | |||
|
|
|||
| hmac_ctx->hash_ctx = soter_hash_create(algo); | |||
src/soter/soter_hmac.c
Outdated
| if (SOTER_SUCCESS != res) | ||
| { | ||
| soter_hash_destroy(hmac_ctx->hash_ctx); |
fix incorrect indentation
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
due to changes in openssl 1.1.0 was changed:
some_func(ctx->field)insteadsome_func(&(ctx->field))because now they are not public and allocated in heapwant to ask @secumod to check at least src/soter/openssl/soter_rsa_key.c file where work with rsa keys